RADIUS is a well-known standard for authenticating and authorizing users to network resources. Generally, RADIUS is used to control access to wireless networks as well as network infrastructure components such as VPNs, switches, and routers.
How RADIUS is Used
In order for an organization to leverage RADIUS, they need to set up a RADIUS server and then configure their devices to talk to the RADIUS server. The RADIUS server will accept credentials from endpoints and then verify those against a directory. Once the user has been verified, the user can be admitted to access the resources that are connected via RADIUS. These could include the wireless network or network infrastructure components.
Benefits of RADIUS
The benefits of using RADIUS include enhanced security, greater control and visibility over users and devices, and policy-based access to the network.
Primarily, organizations have been adopting RADIUS as a way to secure their wireless networks. Using a single shared passphrase for an SSID is clearly a weak security mechanism: it gives you no recourse if you need to remove one specific user from your network, and anyone who shares the passphrase with an unauthorized person, even inadvertently, may be creating an open door for an attacker to directly access your infrastructure. By back-ending the wireless network with a RADIUS server that connects to a directory, each user must connect using their own unique credentials, thereby dramatically increasing security. No user will be granted access without their user credentials being accepted.
Challenges with RADIUS
As with other IT infrastructure, managing and implementing a RADIUS server is not the primary goal for a busy IT team. RADIUS affords the organization better access control, but isn’t an end in and of itself.
RADIUS also tends to become complicated, with a number of different protocols that can be used to authenticate users, complex configuration files or settings, and multiple points to configure properly. Setting up RADIUS can require ensuring that an 802.1X supplicant is on each end user device. Those supplicants will need to be configured to connect with the protocol that you have chosen on the server side. Your RADIUS server will also need to be connected to your directory, and that can involve some configuration and adjustment of settings.
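The shared-passphrase weakness and the per-device supplicant configuration described above can be checked mechanically. The following is an added example, not part of the original article: it assumes the supplicant is wpa_supplicant (the article names none), audits a constructed configuration, and also flags 802.1X profiles that never verify the RADIUS server's certificate, a check that goes beyond what the article states.

```python
import re
# Constructed sample wpa_supplicant.conf; SSIDs, identity and paths are made up.
SAMPLE_CONF = '''
network={
    ssid="corp-shared"
    key_mgmt=WPA-PSK
    psk="one passphrase for everyone"
}
network={
    ssid="corp-8021x-unverified"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
}
network={
    ssid="corp-8021x"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="alice"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.com"
}
'''

def parse_networks(conf):
    """Return one dict of settings per network={...} block."""
    networks = []
    for body in re.findall(r"network=\{(.*?)\n\}", conf, re.S):
        pairs = (l.strip().split("=", 1) for l in body.splitlines()
                 if "=" in l and not l.strip().startswith("#"))
        networks.append({k.strip(): v.strip().strip('"') for k, v in pairs})
    return networks

def audit(conf):
    """Map each SSID to its findings; an empty list means none."""
    report = {}
    for net in parse_networks(conf):
        findings = []
        if "psk" in net:
            findings.append("shared passphrase: one user cannot be removed")
        if "WPA-EAP" in net.get("key_mgmt", "").split():
            if "ca_cert" not in net:
                findings.append("no ca_cert: RADIUS server certificate unverified")
            if not net.keys() & {"domain_suffix_match", "domain_match"}:
                findings.append("no server name match configured")
        report[net.get("ssid", "?")] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Only the third profile passes: it uses per-user credentials and pins both the issuing CA and the expected server name before sending them.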
Hiring a Service to Install and Manage RADIUS
RADIUS-as-a-Service solutions can offload much of the work of implementing and managing a RADIUS infrastructure.
These cloud-based solutions place a RADIUS endpoint out in the cloud for devices to authenticate against. When RADIUS-as-a-Service is used for wireless network authentication, the incoming end user device connects to the appropriate SSID and then the device’s supplicant forwards credentials to the wireless access point. The access point in turn securely forwards the credentials to the cloud-based RADIUS server, which checks the credentials against the directory. If the credentials are valid, the user is granted access to the network.
RADIUS and DaaS
RADIUS-as-a-Service is a core piece of the functionality for Directory-as-a-Service® solutions. Controlling access to devices, applications, and networks is the core of cloud-based directory services. The core directory services support protocols such as LDAP and SAML. At JumpCloud, we support the RADIUS protocol as well.
In the case of RADIUS, the Directory-as-a-Service® solution creates a RADIUS server for your private use in the cloud that your wireless access points will communicate with. This RADIUS server is set up to authenticate requests to your own JumpCloud account. Through the use of secure TLS-based protocols, all information passed from your WiFi access point to your JumpCloud-hosted RADIUS server is fully protected from eavesdropping, man-in-the-middle, and replay attacks. Organizations no longer need to manage the RADIUS infrastructure or the directory. Both pieces of infrastructure are delivered as SaaS-based applications.
RADIUS-as-a-Service for Your Business/Organization
RADIUS is a core part of authenticating and authorizing users on your network, especially for its wireless and network infrastructure components. If your organization is interested in the benefits of RADIUS but doesn’t want the headache of managing it, look for a RADIUS-as-a-Service solution.